Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2354843006:
[Durable] Clear durable permission when clearing site data. (Closed)
Description[Durable] Clear durable permission when clearing site data.
The Durable permission allows sites to gait preferential
treatment during our auto-eviction process for all storage
(indexeddb, local storage, cache storage, etc). If we're
clearing all of this data per user request, we want to
remove the permission, and then the site can ask for that
permission again.
BUG=629951
Committed: https://crrev.com/27ca374c96f1b58190e64520e2ae65d9e7a28ccc
Cr-Commit-Position: refs/heads/master@{#421936}
Patch Set 1 #
Total comments: 7
Patch Set 2 : comments #Patch Set 3 : fixed extension tests #
Total comments: 5
Patch Set 4 : fix test #
Messages
Total messages: 45 (26 generated)
dmurph@chromium.org changed reviewers: + msramek@chromium.org
Hey Martin, can you PTAL at this change?
The CQ bit was checked by dmurph@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
Description was changed from ========== [Durable] Clear durable permission when clearing site data. BUG=629951 ========== to ========== [Durable] Clear durable permission when clearing site data. BUG=629951 ==========
Looks generally good, but I left some comments on the test. Can you remind me what signals we use to grant the durable storage permission? I want to make sure that adding it to "SITE_DATA" makes sense. https://codereview.chromium.org/2354843006/diff/1/chrome/browser/browsing_dat... File chrome/browser/browsing_data/browsing_data_remover_unittest.cc (right): https://codereview.chromium.org/2354843006/diff/1/chrome/browser/browsing_dat... chrome/browser/browsing_data/browsing_data_remover_unittest.cc:2655: // Verify we only have allow I don't think that's what we're verifying. Both added exceptions are ALLOW, so even if the deletion failed, we would only have ALLOW. https://codereview.chromium.org/2354843006/diff/1/chrome/browser/browsing_dat... chrome/browser/browsing_data/browsing_data_remover_unittest.cc:2660: ASSERT_TRUE(host_settings.size() >= 1u); This seems unnecessary given the next line. https://codereview.chromium.org/2354843006/diff/1/chrome/browser/browsing_dat... chrome/browser/browsing_data/browsing_data_remover_unittest.cc:2662: // The second origin should be deleted. nit: I would instead say "only the first origin should have been left", as that's what you're testing. https://codereview.chromium.org/2354843006/diff/1/chrome/browser/browsing_dat... chrome/browser/browsing_data/browsing_data_remover_unittest.cc:2667: << host_settings[0].primary_pattern.ToString(); This output seems out of place - should that be |host_settings[0].setting| instead? Also below.
We currently grant durable storage only if the user has a bookmark w/ the requesting origin. We want to expand this in the future to use our 'Important' metric - which combines site engagement, bookmarks, add to homescreen, and notification permission. It's considered a bug that clearing the sites data doesn't remove the permission - the site should need to re-request the permission (which in this case would be granted again as long as the user didn't remove their bookmarks). Durable permission lets sites store more data. https://codereview.chromium.org/2354843006/diff/1/chrome/browser/browsing_dat... File chrome/browser/browsing_data/browsing_data_remover_unittest.cc (right): https://codereview.chromium.org/2354843006/diff/1/chrome/browser/browsing_dat... chrome/browser/browsing_data/browsing_data_remover_unittest.cc:2660: ASSERT_TRUE(host_settings.size() >= 1u); On 2016/09/21 13:46:11, msramek wrote: > This seems unnecessary given the next line. Done. https://codereview.chromium.org/2354843006/diff/1/chrome/browser/browsing_dat... chrome/browser/browsing_data/browsing_data_remover_unittest.cc:2662: // The second origin should be deleted. On 2016/09/21 13:46:11, msramek wrote: > nit: I would instead say "only the first origin should have been left", as > that's what you're testing. Done. https://codereview.chromium.org/2354843006/diff/1/chrome/browser/browsing_dat... chrome/browser/browsing_data/browsing_data_remover_unittest.cc:2667: << host_settings[0].primary_pattern.ToString(); On 2016/09/21 13:46:11, msramek wrote: > This output seems out of place - should that be |host_settings[0].setting| > instead? Also below. Done.
edit: it doesn't let sites store more data, it removes them from the auto-evict list if we get storage pressure.
The CQ bit was checked by dmurph@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)
Ok, that makes sense. I was considering whether history would be a better option, and in some sense that's already the case - as deleting history (-> clearing site engagement) and bookmarks will make a website ineligible for durable storage. Clearing site data revokes the actually granted permission, but the website can ask for it again and will probably get it again if no other conditions changed. So this LGTM.
Hmm, one more question - does this only affect local storage or other backends as well? Because in that case we should simply delete it together with local storage.
On 2016/09/22 16:30:59, msramek wrote: > Hmm, one more question - does this only affect local storage or other backends > as well? Because in that case we should simply delete it together with local > storage. It effects all storage backends (indexeddb, localstorage, cache storage, etc)
The CQ bit was checked by dmurph@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Description was changed from ========== [Durable] Clear durable permission when clearing site data. BUG=629951 ========== to ========== [Durable] Clear durable permission when clearing site data. The Durable permission allows sites to gait preferential treatment during our auto-eviction process for all storage (indexeddb, local storage, cache storage, etc). If we're clearing all of this data per user request, we want to remove the permission, and then the site can ask for that permission again. BUG=629951 ==========
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: linux_chromium_asan_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
OK. Those failing tests are exactly the reason I was asking - if we could lump durable storage with an existing datatype, we wouldn't have to deal with them. What's failing is that there's no concept of SITE_DATA in extensions' browsingData API, only individual types of storage. You'll probably want to define a "durable_storage" type there, or just fix the tests if you think extensions should not have that capability.
The CQ bit was checked by dmurph@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Thanks for the info, I fixed the tests but added a bug to support it. It looks like we might want this to happen when the extension clears "protectedWeb". Is there an easy way to do that? I added a bug to add this feature to the browsing data api: https://bugs.chromium.org/p/chromium/issues/detail?id=649817. Can you PTAL one more time to verify my logic? Thanks, DAniel
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)
msramek@chromium.org changed reviewers: + mkwst@chromium.org
A TODO and a bug to add the extensions API later SGTM. However, when we implement it, it should have its own bucket. I can see how you came to the idea of lumping it with "protectedWeb", since both concepts represent some kind of privileged websites, but it doesn't work that way. "protectedWeb" is an orthogonal category - it means hosted apps' data. And I assume whether something is a hosted app is independent of whether it has a durable storage? I left some comments, but note that I'm not an owner of the API, so let me add +Mike. https://codereview.chromium.org/2354843006/diff/40001/chrome/browser/extensio... File chrome/browser/extensions/api/browsing_data/browsing_data_test.cc (right): https://codereview.chromium.org/2354843006/diff/40001/chrome/browser/extensio... chrome/browser/extensions/api/browsing_data/browsing_data_test.cc:501: int site_data_no_plugins = site_data_no_usage & site_data_no_durable & nit: These constants exclude more than they claim. Can we rename them? https://codereview.chromium.org/2354843006/diff/40001/chrome/browser/extensio... chrome/browser/extensions/api/browsing_data/browsing_data_test.cc:520: site_data_no_usage); This should probably be |site_data_no_durable| in the current setup. https://codereview.chromium.org/2354843006/diff/40001/chrome/browser/extensio... chrome/browser/extensions/api/browsing_data/browsing_data_test.cc:525: int site_data_no_plugins = BrowsingDataRemover::REMOVE_SITE_DATA & Ditto here. I know that it was already wrong before, but please rename to e.g. |site_data_supported_types|.
The CQ bit was checked by dmurph@chromium.org to run a CQ dry run
https://codereview.chromium.org/2354843006/diff/40001/chrome/browser/extensio... File chrome/browser/extensions/api/browsing_data/browsing_data_test.cc (right): https://codereview.chromium.org/2354843006/diff/40001/chrome/browser/extensio... chrome/browser/extensions/api/browsing_data/browsing_data_test.cc:501: int site_data_no_plugins = site_data_no_usage & site_data_no_durable & On 2016/09/26 12:59:00, msramek wrote: > nit: These constants exclude more than they claim. Can we rename them? Done. https://codereview.chromium.org/2354843006/diff/40001/chrome/browser/extensio... chrome/browser/extensions/api/browsing_data/browsing_data_test.cc:520: site_data_no_usage); On 2016/09/26 12:59:00, msramek wrote: > This should probably be |site_data_no_durable| in the current setup. Done.
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
For the browsing data api question: A hosted app is different than durable, but the effort is to make any webapp able to request the durable permission and then have it's storage a bit more protected like a hosted app. So it's sorted of the protected web in that way, where we don't want to default it to being cleared. But maybe the API isn't supposed to be set up that way.
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The changes to the extension test LGTM. Deferring to msramek@ on the rest.
Thanks! The discussion between martin and I after his LGTM was just the test and the followup with Browsing Data API, so this patch should be good.
The CQ bit was checked by dmurph@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from msramek@chromium.org Link to the patchset: https://codereview.chromium.org/2354843006/#ps60001 (title: "fix test")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Message was sent while issue was closed.
Description was changed from ========== [Durable] Clear durable permission when clearing site data. The Durable permission allows sites to gait preferential treatment during our auto-eviction process for all storage (indexeddb, local storage, cache storage, etc). If we're clearing all of this data per user request, we want to remove the permission, and then the site can ask for that permission again. BUG=629951 ========== to ========== [Durable] Clear durable permission when clearing site data. The Durable permission allows sites to gait preferential treatment during our auto-eviction process for all storage (indexeddb, local storage, cache storage, etc). If we're clearing all of this data per user request, we want to remove the permission, and then the site can ask for that permission again. BUG=629951 ==========
Message was sent while issue was closed.
Committed patchset #4 (id:60001)
Message was sent while issue was closed.
Description was changed from ========== [Durable] Clear durable permission when clearing site data. The Durable permission allows sites to gait preferential treatment during our auto-eviction process for all storage (indexeddb, local storage, cache storage, etc). If we're clearing all of this data per user request, we want to remove the permission, and then the site can ask for that permission again. BUG=629951 ========== to ========== [Durable] Clear durable permission when clearing site data. The Durable permission allows sites to gait preferential treatment during our auto-eviction process for all storage (indexeddb, local storage, cache storage, etc). If we're clearing all of this data per user request, we want to remove the permission, and then the site can ask for that permission again. BUG=629951 Committed: https://crrev.com/27ca374c96f1b58190e64520e2ae65d9e7a28ccc Cr-Commit-Position: refs/heads/master@{#421936} ==========
Message was sent while issue was closed.
Patchset 4 (id:??) landed as https://crrev.com/27ca374c96f1b58190e64520e2ae65d9e7a28ccc Cr-Commit-Position: refs/heads/master@{#421936} |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
